Diffstat (limited to 'source/n/openvpn')
-rw-r--r--source/n/openvpn/README26
-rwxr-xr-xsource/n/openvpn/openvpn.SlackBuild122
-rw-r--r--source/n/openvpn/openvpn.conf.sample178
-rw-r--r--source/n/openvpn/slack-desc19
4 files changed, 345 insertions, 0 deletions
diff --git a/source/n/openvpn/README b/source/n/openvpn/README
new file mode 100644
index 000000000..cf2c6602f
--- /dev/null
+++ b/source/n/openvpn/README
@@ -0,0 +1,26 @@
+OpenVPN is a full-featured SSL VPN which can accomodate a wide
+range of configurations, including remote access, site-to-site VPNs,
+WiFi security, and enterprise-scale remote access with load
+balancing, failover, and fine-grained access-controls.
+
+OpenVPN implements OSI layer 2 or 3 secure network extension using the
+industry standard SSL/TLS protocol, supports flexible client
+authentication methods based on certificates, smart cards, and/or
+2-factor authentication, and allows user or group-specific access
+control policies using firewall rules applied to the VPN virtual
+interface.
+
+This build of OpenVPN depends upon having openssl (not just
+openssl-solibs) and lzo installed on your computer.
+
+Please note that there is no default config file for OpenVPN. This is
+by design. OpenVPN can technically use any config file in any location.
+However, this script does create an /etc/openvpn/ directory with certs/
+and keys/ subdirectories. Feel free to place config files, keys, and
+certificates in these directories. certs/ and keys/ are owned by user
+root and group nobody and are not world readable nor writable.
+Additionally, they are not writable by group nobody. It is recommended
+that you run openvpn nobody:nobody, but you may use another
+non-privilaged user and group at your option. Just change the
+permissions on these permissions to reflect that if you do.
+
diff --git a/source/n/openvpn/openvpn.SlackBuild b/source/n/openvpn/openvpn.SlackBuild
new file mode 100755
index 000000000..45c1a17d8
--- /dev/null
+++ b/source/n/openvpn/openvpn.SlackBuild
@@ -0,0 +1,122 @@
+#!/bin/sh
+
+# Copyright 2006, Alan Hicks, Lizella, GA
+# Copyright 2008, 2009 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+PRGNAM=openvpn
+VERSION=2.0.9
+ARCH=${ARCH:-x86_64}
+BUILD=${BUILD:-1}
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/pkg-$PRGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1
+cd $PRGNAM-$VERSION || exit 1
+
+# Fix ownership and permissions inside the source tarball.
+# It's appalling how many projects have 777 permissions or
+# even suid, sgid, and sticky bits set on things.
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc/openvpn \
+ --localstatedir=/var \
+ --enable-lzo \
+ --build=$ARCH-slackware-linux
+
+make $NUMJOBS || make || exit 1
+make install-strip DESTDIR=$PKG || exit 1
+
+# Create a decent config directory. openvpn doesn't have one by
+# default, nor does it have a single config file.
+mkdir -p $PKG/etc/openvpn/{certs,keys}
+chown root:nobody $PKG/etc/openvpn/{certs,keys}
+chmod 750 $PKG/etc/openvpn/{certs,keys}
+
+# Install a reasonably generic sample config file:
+cp -a $CWD/openvpn.conf.sample $PKG/etc/openvpn/openvpn.conf.sample
+chmod 644 $PKG/etc/openvpn/openvpn.conf.sample
+
+# Let folks know about the other configs, if they haven't found them.
+# They might even find the documentation there useful. ;-)
+cat << EOF > $PKG/etc/openvpn/README.TXT
+Have a look in /usr/doc/$PRGNAM-$VERSION/sample-config-files
+for some more examples of how to configure OpenVPN. You'll
+need to add something to your /etc/rc.d/rc.local to start
+OpenVPN, as well as to tell it where to find its config file.
+
+
+See "man openvpn" and the other docs for more information.
+EOF
+
+# Add a link, too:
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/sample-config-files
+( cd $PKG/usr/doc/$PRGNAM-$VERSION/sample-config-files
+ ln -sf /etc/openvpn/openvpn.conf.sample .
+)
+
+if [ -d $PKG/usr/man ]; then
+( cd $PKG/usr/man
+ find . -type f -exec gzip -9 {} \;
+ for i in $(find . -type l) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+)
+fi
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL INSTALL-win32.txt \
+ NEWS PORTS README sample-config-files sample-keys sample-scripts easy-rsa \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD.txz
+
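Review bot: The three commands that create and lock down `$PKG/etc/openvpn/{certs,keys}` rely on brace expansion, a bash feature, while the script declares `#!/bin/sh`. Where `/bin/sh` is not bash, a single directory literally named `{certs,keys}` is created, and the `certs/` and `keys/` directories with `root:nobody` and mode `750` that the README describes never exist in the package. Either declare `#!/bin/bash` or spell the paths out, e.g. `mkdir -p $PKG/etc/openvpn/certs $PKG/etc/openvpn/keys`, and do the same for the `chown` and `chmod` lines. Separately, `cd $TMP` and `cd $PKG` have no `|| exit 1`, so the `rm -rf $PRGNAM-$VERSION` and `makepkg` that follow would run in the wrong directory if either `cd` fails.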
diff --git a/source/n/openvpn/openvpn.conf.sample b/source/n/openvpn/openvpn.conf.sample
new file mode 100644
index 000000000..4314b5441
--- /dev/null
+++ b/source/n/openvpn/openvpn.conf.sample
@@ -0,0 +1,178 @@
+# openvpn.conf.sample
+#
+# This is a sample configuration file for OpenVPN.
+# Not all options are listed here; you can find good documentation
+# about all of the options in OpenVPN's manual page - openvpn(8).
+#
+# You can make a P-t-P connection by creating a shared key,
+# copying this key to other hosts in your network, and changing
+# the IP addresses in this file.
+#
+# Commented options are provided for some typical configurations
+
+# Change the "search" path to /etc/openvpn
+# All files referenced in this configuration will be relative to
+# whatever directory is specified here - we default to /etc/openvpn
+cd /etc/openvpn
+
+# If running as a server, which local IP address should OpenVPN
+# listen on? Specify this as either a hostname or IP address. If
+# this is left blank, OpenVPN will default to listening on all
+# interfaces.
+#local a.b.c.d
+
+# This option defines the IP or DNS name of the other side of your VPN
+# connection. This option is needed if you are making client or P-t-P
+# connections. If you are the server, use "local" instead. This may
+# be specified as a domain name or IP address.
+#remote vpn.server.org
+
+# This option defins the protocol to use. Valid options are:
+# udp, tcp-server, or tcp-client. Default is udp, and generally
+# speaking, tcp is a bad idea.
+proto udp
+
+# This option defines the port on which your server will be listening
+# or trying to connect. The default is 1194
+port 1194
+
+# This option defines whether to use LZO compression.
+# If enabled, it must be enabled at both ends of the VPN connection.
+#comp-lzo
+
+# Debug level (default 1)
+#verb 3
+
+# VPN logfile location
+# If you don't specify a location here, logging will be done through
+# syslogd and write to /var/log/messages
+log-append /var/log/openvpn.log
+
+# If you want to use OpenVPN as a daemon, uncomment this line.
+# Generally speaking, servers should run OpenVPN as a daemon
+# and clients should not.
+#daemon
+
+# Device type to use, you can choose between tun or tap.
+# TUN is the most common option. If you have multiple connections,
+# it is a good idea to bind each connection to a separate TUN/TAP
+# interface using tunX/tapX, where X is the number of each interface.
+dev tun
+
+# This option prevents OpenVPN from closing and re-opening the tun/tap
+# device every time it receives a SIGUSR1 signal
+#persist-tun
+
+# This is similar to the previous option, but it prevents OpenVPN from
+# re-reading the key files every time
+#persist-key
+
+# If you are using a client-server architecture, you need to specify the
+# role of your computer in your VPN network. To use one of these options,
+# you need to configure TLS options too.
+#
+# To use the "server" option, you must specify a network subnet such
+# as 172.16.1.0 255.255.255.0. The first number is the network, the
+# second is the netmask. OpenVPN will take the first available IP
+# for itself (in our example, 172.16.1.1) and the rest will be
+# given to connecting clients dynamically.
+#
+# Leave these commented out if you are using OpenVPN in bridging mode.
+#
+#server 10.1.2.0 255.255.255.0
+#client
+
+# This option defines a file with IP address to client mapping.
+# This is useful in general, and necessary if clients use persist-tun.
+#ifconfig-pool-persist ips.txt
+
+# Enable this option if you want clients connected to this VPN to be
+# able to talk directly to each other
+#client-to-client
+
+# This option defines the directory in which configuration files for clients
+# will reside. With individual files you can make each client get different
+# options using "push" parameters
+#client-config-dir ccd
+
+# If you are using P-t-P, you need to specify the IP addresses at both ends
+# of your VPN connection. The IP addresses are reversed at the other side.
+#
+# You can use this to specify client IP addresses in ccd files (on server)
+# or directly in client configuration
+#ifconfig 10.1.2.1 10.1.2.2
+
+# You can set routes to specific networks. In the sample below, "vpn_gateway"
+# is an internal OpenVPN alias to your VPN gateway - leave it as is.
+# This will enable you to talk with the networks behind your VPN server.
+# Multiple routes can be specified.
+#
+# +------------+ <eth>-<tun> <tun>-<eth> +------------+
+# | Network1 |---| VPN1 |--[10.1.2.0/24]--| VPN2 |---| Network2 |
+# +------------+ +------+ +------+ +------------+
+# 192.168.0.0/24 192.168.2.0/24
+#
+# The sample below shows how VPN1 server can reach Network2
+#route 192.168.2.0 255.255.255.0 vpn_gateway
+
+# You can send clients many network configuration options using the
+# "push" directive and sending commands.
+# Multiple "push" directives can be used. You should only put global
+# "push" directives here. You can "push" different options to
+# different clients in per-client configuration files. See
+# "client-config-dir" above.
+#
+# Using the same network configuration that you see above, the route statment
+# here allows VPN2 to reach Network1
+#push "route-delay 2 600"
+#push "route 192.168.2.0 255.255.255.0 vpn_gateway"
+#push "persist-key"
+
+# This option sets the encryption algorithm to use in the VPN connection.
+# Available options are:
+# DES-CBC, RC2-CBC, DES-EDE-CBC, DES-EDE3-CBC,
+# DESX-CBC, BF-CBC, RC2-40-CBC, CAST5-CBC,
+# RC2-64-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC
+cipher BF-CBC
+
+# Shared Key Connection
+# ---------------------
+# Secret is one shared key between the hosts that want to connect through VPNs.
+# Without secret or TLS options, your data will not be encrypted.
+#
+# To generate an encryption key do:
+# openvpn --genkey --secret /etc/openvpn/keys/shared.key
+#
+# Do the above on one host and copy it to the others
+secret keys/shared.key
+
+# TLS Connections
+# ---------------
+# TLS must be used if you use option "server" or "client"
+# The basic idea there is: You have one Certificate Authority, and all
+# machines in your VPN network need to have individual certificates and
+# keys signed by Certificate Authority. This means each client can
+# have its own key, making it easier to revoke a key without copying
+# a shared secret key to every client.
+#
+# Inside the /usr/doc/openvpn-$VERSION documentation directory, you can
+# find "easy-rsa" scripts to make certificate and key management easier.
+
+# Certificate Authority file
+# This file must be identical on all hosts that connect to your VPN
+#ca certs/ca.crt
+
+# If you are the server, you need to specify some Diffie Hellman parameters.
+# OpenVPN provides some sample .pem files in documentation directory
+#dh my-dh.pem
+
+# Certificate and Key signed by Certificate Authority
+# Each machine needs to have their own unique certificate
+#cert certs/machine.cert
+#key keys/machine.key
+
+# To prevent some DoS attacks we can add another authentication layer in the
+# TLS control channel. This needs to be enabled at both ends to work
+# client uses the value 1; server uses the value 0
+#tls-auth keys/shared.key 0
+
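Review bot: The sample has no `user`/`group` directives, so a daemon started from it keeps running as root, even though the README in this commit recommends nobody:nobody and the SlackBuild makes `certs/` and `keys/` `root:nobody` for that purpose. I would add `#user nobody` and `#group nobody` next to the `#persist-tun` / `#persist-key` entries, with a comment that the persist options should be enabled together with them, since an unprivileged process cannot reopen the tun device on restart. The one active crypto setting, `cipher BF-CBC`, is a 64-bit block cipher; `cipher AES-256-CBC` from the list just above it is the safer sample default, provided both ends are changed together. The `dh` comment also points readers at the sample .pem files in the documentation directory, which are public test material, so it should say to generate fresh parameters instead.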
diff --git a/source/n/openvpn/slack-desc b/source/n/openvpn/slack-desc
new file mode 100644
index 000000000..4f4af4c47
--- /dev/null
+++ b/source/n/openvpn/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openvpn: openvpn (secure IP tunnel daemon)
+openvpn:
+openvpn: OpenVPN is a full-featured SSL VPN which can accomodate a wide range
+openvpn: of configurations, including remote access, site-to-site VPNs, WiFi
+openvpn: security, and enterprise-scale remote access with load balancing,
+openvpn: failover, and fine-grained access-controls.
+openvpn:
+openvpn: OpenVPN's home on the net is: http://openvpn.net
+openvpn:
+openvpn:
+openvpn: